The hash symbol is a special URI character and so would have to be escaped to use it in the query string. (or you could post it via a form)
Not really a good idea to pass the entire SQL string anyway, would be better to just pass the parameters and let your results page create it. Otherwise you could get all sorts of SQL querys being passed (inserts, updates, deletes etc) by mischevous users.
PS: The % symbol is also reserved for denoting escaped values so you would also get problems sending SQL containing wildcards via the query string. IE ...Where Name Like '%jam%'...